This repository has been archived by the owner on Sep 11, 2024. It is now read-only.

Add post-login complete security flow #3847

Merged: 4 commits, Jan 16, 2020


@jryans (Collaborator) commented Jan 15, 2020

This adds a step after login to complete security for your new session. At the
moment, the only verification method is entering your SSSS passphrase, but nicer
paths will be added soon.

This new step only appears when crypto is available and the account has
cross-signing enabled in SSSS.


Fixes element-hq/element-web#11214
Depends on matrix-org/matrix-js-sdk#1153
Depends on element-hq/element-web#11891

@turt2live (Member) left a comment

lgtm overall - does this work okay with soft logout? You can trick Riot into soft logging you out with localStorage.setItem("mx_soft_logout", true); and reloading the page. I wouldn't recommend trying to follow the code to determine if it works - it's probably better for your mental health to just press the buttons.

jryans and others added 2 commits January 15, 2020 22:10
Co-Authored-By: Travis Ralston <[email protected]>
Co-Authored-By: Travis Ralston <[email protected]>
@turt2live (Member) commented

Just in case it gets buried in #riot-dev: test failures look legitimate (though the import sdk thing does manifest as the same error). After testing it: an account with SSSS or any cross-signing stuff is stuck at the login page after successfully submitting their credentials. It's not immediately clear to me why :(

@jryans (Collaborator, Author) commented Jan 16, 2020

I have confirmed that soft logout is working for accounts both with and without SSSS. I cannot reproduce any login issues, but perhaps my changes today have fixed what you saw. @turt2live, can you please retest?

@turt2live turt2live self-requested a review January 16, 2020 16:25
@turt2live (Member) left a comment

lgtm either way

@jryans jryans merged commit 8923039 into develop Jan 16, 2020
Successfully merging this pull request may close these issues.

Post-login cross-signing setup flow